Re: [BUGS] BUG #2052: Federal Agency Tech Hub Refuses to


  • From: John R Pierce <pierce(at)hogranch(dot)com>
  • To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
  • Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Simon Riggs <simon(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Ferindo Middleton <fmiddleton(at)verizon(dot)net>, pgsql-bugs(at)postgresql(dot)org
  • Subject: Re: [BUGS] BUG #2052: Federal Agency Tech Hub Refuses to
  • Date: Fri, 25 Nov 2005 12:42:56 -0800
  • Message-id: <43877750(dot)5040504(at)hogranch(dot)com>

Bruce Momjian wrote:
If someone wants to create a separate web page to track fixes related to
CVE number, that is fine.  My guess is that most people reading the
release notes don't care about the CVE numbers themselves (just that
each release has all known security bugs fixed), and most bugs that are
fixed don't have CVE numbers at commit time.

I think it's quite reasonable for the one-line description of a postgres bug to reference "CVE-2005-0247 multiple buffer overflows..." or whatever. I guess it kind of depends on which came first... If the CVE security item came first, and was entered into the PGSQL bug tracker, then this makes a LOT of sense. If the CVE folks create their entry AFTER the bug has been entered into PGSQL, it makes less sense.


